What Are You Looking For?

Sign Up
MGASA-2022-0031 - Updated expat packages fix security vulnerability

Publication date: 25 Jan 2022
URL: https://advisories.mageia.org/MGASA-2022-0031.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-45960,
     CVE-2021-46143,
     CVE-2022-22822,
     CVE-2022-22823,
     CVE-2022-22824,
     CVE-2022-22825,
     CVE-2022-22826,
     CVE-2022-22827

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places
in the storeAtts function in xmlparse.c can lead to realloc misbehavior
(e.g., allocating too few bytes, or only freeing memory). (CVE-2021-45960)

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer
overflow exists for m_groupSize. (CVE-2021-46143)

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22822)

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22823)

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22824)

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer
overflow. (CVE-2022-22825)

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22826)

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an
integer overflow. (CVE-2022-22827)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29902
- https://blog.hartwork.org/posts/expat-2-4-3-released/
- https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827

SRPMS:
- 8/core/expat-2.2.10-1.1.mga8

Mageia 2022-0031: expat security update

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, o...

Summary

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). (CVE-2021-45960)
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. (CVE-2021-46143)
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22822)
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22823)
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22824)
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22825)
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22826)
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. (CVE-2022-22827)

References

- https://bugs.mageia.org/show_bug.cgi?id=29902

- https://blog.hartwork.org/posts/expat-2-4-3-released/

- https://github.com/libexpat/libexpat/blob/R_2_4_3/expat/Changes

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45960

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46143

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22822

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22823

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22824

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22825

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22826

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22827

Resolution

MGASA-2022-0031 - Updated expat packages fix security vulnerability

SRPMS

- 8/core/expat-2.2.10-1.1.mga8

Severity
Publication date: 25 Jan 2022
URL: https://advisories.mageia.org/MGASA-2022-0031.html
Type: security
CVE: CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827

Related News

Latest Release of EuroLinux Desktop – What Will We Find in Version 9.1?

Apr 2, 2023

What Sysadmins Want to Know about OpenShift and Kubernetes in 2022

Dec 29, 2022

C++ Programming Language and Safety: Here's Where It Goes Next

Jan 23, 2023

Linux Kernel 6.1: Rusty Release Could Be a Game-Changer

Dec 11, 2022

News

Advisories

HOWTOs

Features

Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap
CISA Issues Urgent Warning Over Active Exploitation of Looney Tunables glibc Bug

About Us

Powered By

Footer Logo